ALAS-2015-558


Amazon Linux AMI Security Advisory: ALAS-2015-558
Advisory Release Date: 2015-07-07 22:26 Pacific
Severity: Medium
References: CVE-2015-3202 

Issue Overview:

It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system.


Affected Packages:

fuse


Issue Correction:
Run yum update fuse to update your system.

New Packages:
i686:
    fuse-debuginfo-2.9.4-1.17.amzn1.i686
    fuse-devel-2.9.4-1.17.amzn1.i686
    fuse-2.9.4-1.17.amzn1.i686
    fuse-libs-2.9.4-1.17.amzn1.i686

src:
    fuse-2.9.4-1.17.amzn1.src

x86_64:
    fuse-devel-2.9.4-1.17.amzn1.x86_64
    fuse-debuginfo-2.9.4-1.17.amzn1.x86_64
    fuse-2.9.4-1.17.amzn1.x86_64
    fuse-libs-2.9.4-1.17.amzn1.x86_64